Delio Engineering has decided to start selling "Delio" branded hoodies and coasters. We have developed an API back-end written in Node JS and started building the infrastructure in Terraform. Before the code is deployed the Head of TechOps has asked you to conduct a security audit of the current codebase.
It's your job to review the security of the new site. To complete this task, you'll need to:
- Create a high-level infrastructure architecture diagram showing a secure way to host the API and frontend in either AWS or Azure.
- Document any security vulnerabilities you find. Detail any findings and categorise them by severity
- Create an action plan which details how you will remediate each issue
- Implement tooling to identify and resolve vulnerabilities automatically
- Show a clean commit history and an understanding of Git.
Optional extras:
- Add security tests for the code
- Create a security pipeline.
Please do not hesitate to get in touch with any questions you have during the process.